Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Tue, 07 Apr 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4. | |
| Title | Flatpak affected by arbitrary file deletion on the host filesystem | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-04-07T21:29:44.601Z
Updated: 2026-04-07T21:29:44.601Z
Reserved: 2026-03-25T16:21:40.868Z
Link: CVE-2026-34079
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-04-07T22:16:22.080
Modified: 2026-04-07T22:16:22.080
Link: CVE-2026-34079
Redhat
No data.